Also inline

On mar, 2013-11-19 at 06:57 -0800, Demeter, Michael wrote:
> Inline
>
> Casey can add more if he would like
>
> On Tue, Nov 19, 2013 at 6:34 AM, José Bollo <[email protected]> wrote:
>
> > On ven, 2013-11-15 at 21:56 +0000, Schaufler, Casey wrote:
> > > We're in the process of merging the changes for the 3 Smack domain
> > > policy.
> >
> > That is great to go to only 3 smack's domain!
> >
>
> Yes this makes maintenance much easier and much less complex

Yes

> (snip)
>
> We wanted to create a minimal set of domains and rules to allow developers
> to have something reasonable to start with. It is much easier to look at
> < 10 domains and hundreds of rules as opposed to tens of thousands of rules.

That is also my purpose.

> Nothing stops you from adding additional domains. Remember that for each
> additional Domain you must create the rules to allow other domains to [rwx]
> etc.
>
> (snip)
>
> Security and privacy yes...Please keep in mind that Smack is an access
> control mechanism and NOT a policy manager.

There are good reasons to use access control to rely on the policy
manager. It can prevent instead of punish/cure.

> (snip)
>
> There are specific ways that systemd interacts with the running system that
> Smack needed to take into account. There are some runtime directories that
> when created by systemd they could no longer be written to by the running
> application.
> Also some runtime files created were not labeled correctly
> There was also additional functionality added to the kernel for read
> locking Casey can add more detail here...

Interesting. I saw in smack-next the adds for LOCKING.

José

>
> Michael
>
>
> > Cheers
> > José Bollo
> >
> > [1] https://wiki.tizen.org/wiki/Security/A_computer-aided_SMACK
> > [2] https://developer.tizen.org/dev-guide/2.2.1/org.tizen.web.appprogramming/html/basics_tizen_programming/web_security_privacy.htm
> >
> > >
> > > Once that is in place we will start polishing access rules and looking
> > > into peer domains.
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
